You are viewing documentation for Falco version: v0.33.1

Falco v0.33.1 documentation is no longer actively maintained. The version you are currently viewing is a static snapshot. For up-to-date documentation, see the latest version.

Falco Rules

Last modified December 19, 2022
Default rules and macros, supported events, rule fields and examples

Rule fields

Understand what role each field in a rule plays

Default Macros

Use the default macros to simplify Falco Rules

Macros to Override

Control the behavior of some rules by enabling or disabling these default macros

Supported Syscall Events

Find out which syscall events Falco supports

Supported Fields for Conditions and Outputs

Events fields that you can use in conditions and outputs of Falco Rules

Rules Examples

Several examples of Falco Rules